RACF Security Server feature for z/VM Version 6 Release 1 (V6.1)

  

The RACF Security Server for z/VM 6.1 is available!  While there are no functional RACF enhancements from V5.4, this release includes a roll-up of service items and a restructure of the RACF Security Administrator's Guide specifically for the z/VM client. 

Prior releases of RACF for z/VM include:

  • The RACF Security Server Function Level 540 (FL540) for z/VM 5.4. This release provides password and password phrase enveloping and LDAP change logging of user and group profile updates. These enhancements, along with an upgrade of the LDAP server to the z/OS V1.10 level, allow you to retrieve updates, including password changes, from z/VM and securely propagate them across the enterprise.

 

  • RACF Security Server feature Function Level 530 (FL530) for z/VM V5.3. This release of the RACF feature provides:
    • All function and service in the z/OS V1.10 release. This includes the z/VM guest LAN and virtual switch support shipped in 1.10 APARs VM63452 (base support) and VM63750 (sniffer support).
    • Mixed case password support.
      • Passwords can now contain lower case alphabetic characters.
      • Enablement of mixed case support, and updated password syntax rules, managed with the SETROPTS command.
    • Password phrase support.
      • A password phrase is a mixed-case password from 9 to 100 characters in length that can include blanks and other special characters.
      • Password phrases can be used to log on to CP using local terminals or telnet, and with FTP.
      • Many password-related SETROPTS options apply to password phrases as well.
      • A sample new-password-phrase exit, ICHPWX11, calls a REXX exec in which additional quality rules may be coded.
    • Support for the new z/VM LDAP server. This allows LDAP clients (such as a Linux image) to:
      • update and query information in RACF user and group profiles,
      • authenticate to the LDAP server using a RACF password, and
      • use LDAP services to submit remote authorization and audit requests to the RACF server.
    • Various improvements to user related processing.
      • Support for NOPASSWORD users. Such a user could still have a password phrase and be forced to authenticate using it. Alternatively, the user could have neither a password nor a phrase, as an additional control for service virtual machines. RACF has been changed to create NOPASSWORD users by default, rather than setting the initial password to the user's default group.
      • Improved auditing of password changes.
      • Ability to specify NOEXPIRED on the ALTUSER command so that the password assigned does not need to be changed at LOGON. This is helpful to user management and password synchronization applications.
      • Improved ALTUSER command places the user's current password in the password history list before changing the password.
    • The SMF data unload utility can emit XML output so that it can be loaded to any XML-enabled application for analysis.
    • Protection for the CP FOR command, and for DIAGNOSE X'88'.
    • The RACF class descriptor table has increased the number of POSIT values available for use, resulting in the ability to add more customer-defined classes.
    • Simplification of the documentation library by removal of information pertinent to only MVS (z/OS).

Starting with z/VM 5.3, RACF releases are specific to the release of the operating system, much like the Security Server for z/OS. That is, the RACF Security Server feature FL530 is supported only on z/VM 5.3, and is not planned to be supported on any other z/VM release.

 

Program Directory 

Do you need a copy of the program directory for RACF for z/VM?  No problem! Check out http://www.vm.ibm.com/progdir/ for a complete set of program directories for all supported z/VM releases.

 


This page was last updated November 2009.